The Rise of Crypto Crime: 5 Cases Security Professionals Can Learn From

Who hasn’t heard about Bitcoin, Ethereum and Ripple? Cryptocurrencies, supported by blockchain technology, are revolutionizing financial markets as we know them. But with new possibilities comes a new generation of cybercriminals and previously unthought-of security risks. Let’s examine five recent cases of crypto crime to illustrate this point.

Bancor: Exchange Platform Affected by Security Breach

Bancor’s online cryptocurrency exchange platform recently was compromised, as cybercriminals siphoned $13.5 million worth of Ethereum and NPSX tokens—some of which were transferred via an instant conversion service. Luckily, users did not lose money as their assets were not stored in hot wallets directly connected to the internet. After the incident, Bancor quickly identified and dealt with the cause of the vulnerability. However, the attack still significantly impacted BNT tokens, whose value dropped by 14 percent.

The Coincheck Hack: $500+ Million Lost to Hackers

The biggest crypto heist in history happened last January when hackers stole the equivalent of $523 million in NEM coins from Japanese cryptocurrency exchange Coincheck. As opposed to the Bancor’s case, users’ tokens were not securely stored offline in cold wallets and individual holders were directly affected by the theft. Experts criticized Coincheck’s low-security standards and the lack of preventive measures such as the use of multi-signature wallets that require more than one private key to be accessed.

Ethereum Geth: Poor Configuration of Nodes

A security misconfiguration of the Ethereum Geth client port 8545 detected months ago has repetitively led to the theft of ethers (ETH). At the moment of discovery, nearly around four tokens were stolen, but hackers persisted and in a few months managed to collect more than $20 million worth of ETH. By failing to update their Geth Ethereum client and block port 8545, users both lost money and put their private data at risk.

Europol: Bitcoin Money Laundering Network Dismantled

Not only tech-savvy hackers are interested in exploiting cryptos. A Europol crackdown conducted last April shows that organized crime groups take advantage of tokens to launder money. In fact, the narcotraffickers used a local Finnish crypto exchange platform to acquire Bitcoins with their illegal proceeds before later reconverting the funds into Colombian pesos. In total, $8 million were deposited across 174 bank accounts. The police seized computers and arrested 11 people—effectively taking down the illicit activity.

Tesla: Cryptojacking of Cloud Computing Power

Mining cryptocurrencies demands lots of resources. So when criminals don’t have enough computing power at their disposal, they do not hesitate to use large organizations’ equipment instead—as it happened when Tesla’s cloud infrastructure got cryptojacked due to a password protection gap. Interestingly, hackers could have accessed some of the company’s sensitive information but preferred to focus on mining instead. Tesla quickly handled the issue once discovered and no customer data was endangered.

Takeaways

So what can be learned from these cases? Here are a few things to bear in mind with cryptocurrencies.

Avoid Crypto Rookie Mistakes

First thing first, individuals must be careful with hot wallets. These should only be used in limited circumstances and always in conjunction with cold storage. Moreover, it’s important to keep track of reported vulnerabilities and misconfigurations, as ignoring them can lead to massive financial losses.

Beefing up Security

Companies, both businesses issuing cryptocurrencies and large enterprises, must monitor their infrastructure to detect and prevent crypto attacks. What’s more, they should pay close attention to signs of account compromise and suspicious network traffic.

The Role of Governments

Finally, authorities must stay on of top of emerging forms of crypto crime. Governmental agencies have become more proactive, but the sector still lacks adequate regulations and criminals are adapting fast to new situations—for example, by opting for lesser known or private cryptocurrencies.

Bottom line: Cryptocurrencies present many opportunities and use cases, at the same time as new security threats that users, companies, and governments need to tackle to reduce their exposure to crypto crime.

Featured eBook
A Hindsight Look at The Equifax Breach

A Hindsight Look at The Equifax Breach

In this whitepaper you will understand the root cause of this breach and how it could have been easily prevented, learn how to detect open source vulnerabilities in real-time for quick remediation and get a detailed implementation plan to ensure your organization won’t become the next Equifax. This complimentary download is offered by WhiteSource. Download Now ... Read More
WhiteSource
Jonathan Zhang

Jonathan Zhang

Jonathan Zhang is a serial entrepreneur in the infosec industry and the founder of WhoisXML API and Threat Intelligence Platform (TIP). He has vast experience in building tools, solutions, and systems for CIOs, security professionals, and third-party vendors and enjoys giving practical tips for better threat detection and prevention.

jonathan-zhang has 1 posts and counting.See all posts by jonathan-zhang